Commit 303f892

committed
Clarified Auth for Metrics
1 parent 999823a commit 303f892

2 files changed

Lines changed: 4 additions & 2 deletions

metrics/README.md

Lines changed: 3 additions & 1 deletion
@@ -86,14 +86,16 @@ All interval durations (duration) are [ISO 8601](https://en.wikipedia.org/wiki/I
8686

8787
### For Agencies hosting the Metrics API
8888

89-
When making requests, the Metrics API expects one of two scopes `metrics:read` or `metrics:read:provider` to be present as part of the `scope` claims in a [JWT](https://jwt.io/) `access_token` in the `Authorization` header, in the form `Authorization: Bearer <access_token>`. The token issuance, expiration and revocation policies are at the discretion of the Agency.
89+
When making requests, the Metrics API expects one of two scopes `metrics:read` or `metrics:read:provider` to be present as part of the `scope` claims in a [JSON Web Token](https://jwt.io/) (JWT) `access_token` in the `Authorization` header, in the form `Authorization: Bearer <access_token>`. The token issuance, expiration and revocation policies are at the discretion of the agency. See MDS [JSON Web Token](/general-information.md#json-web-tokens) guidance.
9090

9191
If a client has a `metrics:read` scope, they are permitted to read _all_ metrics available via the Metrics API.
9292

9393
If a client has a `metrics:read:provider` scope, they are only permitted to read metrics which pertain to a particular `provider_id` claim in the aforementioned [JWT](https://jwt.io/) `access_token`.
9494

9595
Further scopes and requirements may be added at the discretion of the Agency, depending on their particular access control needs.
9696

97+
General authorization details are specified in the [Authorization section](/general-information.md#authorization) in MDS General Information.
98+
9799
[Top][toc]
98100

99101
## Data Redaction
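
Review bot: The reworded paragraph at new line 89 still leaves the `metrics:read:provider` case underspecified: line 93 restricts such a client to the metrics for "a particular `provider_id` claim", but nothing in this section says what the API does when a token carries that scope and no `provider_id` claim, or carries both scopes. Since this commit is meant to clarify auth, consider adding a sentence that such a request is rejected when `provider_id` is missing, and stating which scope wins when both are present. Two smaller style points: line 89 now lowercases "agency" while the unchanged line 95 and the heading at line 87 keep "Agency" and "Agencies", and line 93 still links `[JWT](https://jwt.io/)` while line 89 now points readers to the MDS JSON Web Token guidance, so the two references to the token format disagree on where to look.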

provider/README.md

Lines changed: 1 addition & 1 deletion
@@ -45,7 +45,7 @@ This specification uses data types including timestamps, UUIDs, and vehicle stat
4545

4646
### Authorization
4747

48-
MDS `providers` **SHALL** provide authorization for API endpoints via a bearer token based auth system, and [JSON Web Token](/general-information.md#json-web-tokens) is the recommended format.
48+
MDS Provider endpoint producers **SHALL** provide authorization for API endpoints via a bearer token based auth system, and [JSON Web Token](/general-information.md#json-web-tokens) is the recommended format.
4949

5050
General authorization details are specified in the [Authorization section](/general-information.md#authorization) in MDS General Information.
5151
